KrustyPlanet/hermes-agent
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(gateway): block config.yaml media delivery and fix triggering tip

Browse source 
Two related fixes for a bug where /new could cause config.yaml to be
sent as a Discord attachment:

1. Add config.yaml to the _media_delivery_denied_paths denylist in
   gateway/platforms/base.py. This prevents any accidental delivery of
   config.yaml as a native file attachment, matching the existing
   protection for .env, auth.json, and credentials/.

2. Reword the tip that triggered this: the tip
   'hermes chat --ignore-user-config skips ~/.hermes/config.yaml'
   contained a bare home-relative path to config.yaml. When randomly
   selected during /new, the extract_local_files() method in
   _process_message_background would match ~/.hermes/config.yaml as a
   local file path, find it exists, and dispatch it as a native Discord
   document attachment.
This commit is contained in:
BarnacleBoy 2026-05-30 19:28:31 +00:00
parent 5921d66785
commit 87d2e30cca
2 changed files with 5 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
gateway/platforms/base.py
View file

@ -954,11 +954,13 @@ def _media_delivery_denied_paths() -> List[Path]:
home = Path(os.path.expanduser("~"))
for sub in _MEDIA_DELIVERY_DENIED_HOME_SUBPATHS:
denied.append(home / sub)
# The Hermes home itself contains credentials (auth.json, .env) — only the
# cache subdirectories under it are explicitly allowlisted above.
# The Hermes home itself contains credentials (auth.json, .env) and
# configuration (config.yaml) — only the cache subdirectories under it
# are explicitly allowlisted above.
denied.append(_HERMES_HOME / ".env")
denied.append(_HERMES_HOME / "auth.json")
denied.append(_HERMES_HOME / "credentials")
denied.append(_HERMES_HOME / "config.yaml")
return denied

2
hermes_cli/tips.py
View file

@ -430,7 +430,7 @@ TIPS = [
'hermes -z "<prompt>" is the purest one-shot: final answer on stdout, nothing else — ideal for piping in scripts.',
'hermes chat --pass-session-id injects the session ID into the system prompt so the agent can self-reference it.',
'hermes chat --image path/to/pic.png attaches a local image to a single -q query without a separate upload step.',
'hermes chat --ignore-user-config skips ~/.hermes/config.yaml — reproducible bug reports and CI runs.',
'hermes chat --ignore-user-config skips user config entirely — reproducible bug reports and CI runs.',
"hermes chat --source tool tags programmatic chats so they don't clutter hermes sessions list.",
'hermes dump --show-keys includes redacted API key fingerprints for deeper support debugging.',
'hermes sessions rename <ID> "new title" renames any past session; hermes sessions delete <ID> removes one.',